<script>
$('form[action="POST"]').append('<input type="hidden" name="<?php echo setting_get('xn_anti_spam_key');?>" value="<?php echo setting_get('xn_anti_spam_key');?>" />');

<?php $__rand = $time.'_'.md5($ip.$useragent.$conf['auth_key'].$time);?>
$('form[action="POST"]').append('<input type="hidden" name="__anti_xss__" value="<?php echo $__rand;?>" />');
$.cookie('__anti_xss__', '<?php echo $__rand;?>');

// 重新定义 $.xpost()，追加 postdata
$.xpost_old = $.xpost;
$.xpost = function(url, postdata, callback, progress_callback) {
	if(xn.is_object(postdata)) {
		postdata['__anti_xss__'] = '<?php echo $__rand;?>';
	} else if(xn.is_string(postdata)) {
		postdata += '&__anti_xss__=<?php echo $__rand;?>';
	} else if(xn.is_function(postdata)) {
		callback = postdata;
		postdata = {__anti_xss__: '<?php echo $__rand;?>'};
	}
	return $.xpost_old(url, postdata, callback, progress_callback);
};

</script>